[ CyberAr... Reviews ](https://www.g2.com/products/cyberark-workforce-identity/reviews) [ CyberAr... Reviews ](https://www.g2.com/products/cyberark-workforce-identity/reviews) # CyberArk Workforce Identity Features ##### ## Authentication Options (6) Authentication User experience Process of providing credentials and logging into multiple systems is easy and intuitive for users Supports Required Authentication systems Supports required 3rd party Authentication Technologies. Example systems: bioMetric, passwords, key cards, token based systems, etc. Multi-Factor Authentication Provides support for Multi-Factor authentication, so users are required to provide multiple factors to authenticate. For example, something they know, Something they have or something they are. Supports Required Authentication Methods/Protocols Support SSO via Web agents, proxy agents, agent-less, SAML or oAuth and WS-Federation authentication and authorization Web services depending upon the application and business use case Federation/SAML support (idp) Can serve as the identity provider to external service providers so that when the user logs into a service, instead of providing credentials to the service provider, the service provider trusts the identity provider to validate the credentials. Federation/SAML support (sp) Can serve as the Service provider from an external service so that when the user logs in externally they have seamless SSO to internal applications from a service provider. Show More ##### ## Access Control Types (5) Endpoint access Provides ability to control access to PC's, Mobile devices, and other endpoint devices. Local Access Controls access to legacy applications, web based applications, network resources and servers while employees are on the companies local area network. Remote Access Controls access to legacy applications, web based applications, networks resources while employees are outside the local area network. Partner Access Controls access to users that are not company employees that are either within the companies local area network or outside the network Supports BYOD users Enables users to use their own device to access company applications. Show More ##### ## Administration (20) Ease of installation on server Installation process is easy and flexible. Password Policy Enforcement Options for resetting and enforcing password policies Administration Console Provides Administration tools/console that are easy to use and learn for routine maintenance tasks Ease of connecting applications Easily provisions new systems, platforms or applications using configuration and not customization. Self Service Password Administration Users can set, change passwords without interaction from IT staff Reporting Standard and customized report creation to ensure appropriate access rights have been assigned Mobile App Provides mobile application that alerts administrators of potential issues and allows administrators manage access rights Ease of set up for target systems Support for wide variety of cloud and on premise apps to automate provisioning for existing and new applications procured APIs Provides appropriate application interfaces to enable custom integrations for unique business requirements Smart/Automated Provisioning Automates account/access rights creation, changes and removals for on-premise and cloud apps Policy Management Enables administrators to create access policies and applies policy controls throughout request and provisioning processes On-premise identity repositories supported Variety and Quality of integrations (ie Active Directory, LDAP) Ease of Connecting Applications Easily provisions new systems, platforms or applications using configuration and not customization. Encryption Encrypts all data transfers using end-to-end encryption. Audit Trails Provides audit trails to monitor useage to reduce fraud. Regulatory Compliance Complies with regulations for strong customer authentication such as KYC, PSD2, and others. Bi-Directional Identity Synchronization Keep identity attributes consistent across applications whether the change is made in the provisioning system or the application. Policy Management Enables administrators to create access policies and applies policy controls throughout request and provisioning processes. Cloud Directory Provides or integrates with a cloud based directory option that contains all user names and attributes. Application Integrations Integrates with common applications such as service desk tools. Show More ##### ## Platform (7) Multiple Operating system support Supports Endpoint access control to multiple operating systems Multi-Domain Support Allows user authentication to be honored by all the hosts in two or more domains Cross Browser support Support access to browser based applications across required browser types Fail over protection Provides required failover mechanisms to ensure if one server, network, etc fails users are still able able to authenticate Reporting Contains pre-built and custom reporting tools to required to manage business Auditing Provides mechanism for auditing authentication for trouble shooting purposes. Third Party Web Services support Can call and pass credentials to third party web services. Show More ##### ## User on/off Boarding (6) Self Service Access requests Users can request access to an application and be automatically provisioned if they meet policy requirements Smart/Automated Provisioning Automates account/access rights creation, changes and removals for on-premise and cloud apps Role Management Establish roles that create a set of authentication rights for each user in the role Policy Management Enables administrators to create access policies and applies policy controls throughout request and provisioning processes Access Termination Terminate access to multiple applications based on dates Approval Workflows Allow business stake-holders/managers to approve or reject requested changes to access via a defined workflow Show More ##### ## User Maintenance (3) Self Service Password Reset Enables users to reset passwords without administrator interaction. Enforces password policies when resetting. Bulk Changes Change users and permissions in bulk Bi-directional Identity Synchronization Keep identity attributes consistent across applications whether the change is made in the provisioning system or the application Show More ##### ## Governance (2) Identifies and Alerts for Threats Alerts administrators when inappropriate access occurs Compliance Audits Proactively audits access rights against policies Show More ##### ## Authentication type (8) SMS-Based Sends a one-time passcode (OTP) via SMS. Voice-Based Telephony Provides a one-time passcode (OTP) via voice-call. Email-Based Sends a one-time passcode (OTP) via email. Hardware Token-Based Supports hardware tokens, which are often USB-sized, fob-like devices that store codes. Software Token Offers software tokens, which are applications installed on a mobile phone, wearable devices, or desktops and generate time-based one-time passcodes (TOTP) that a user can easily copy. Software tokens work both online and offline. Biometric Factor Allows biometric factors such as fingerprints, faceprints, voiceprints, or other biometric information to be used as an authentication factor. Mobile-Push Offers mobile push authentication, which is a user-friendly method that does not require a user to copy a code, but rather accept or deny an authentication using a mobile application. Mobile push authentication only works when a user is connected to the internet. Risk-Based Authentication Analyzes users' IP addresses, devices, behaviors and identities to authenticate a user. Show More ##### ## Security (4) Security Automation Allows administrative control over automated security tasks. Application Security Protects application access and data. Prompts additional authentication for suspicious users. Workload Protection Protects computing resources across a network. Prompts additional authentication for suspicious users. Data Protection Protects informatin stored on premises and in the cloud. Prompts additional authentication for suspicious users. Show More ##### ## Identity Management (3) Adaptive Access Control Provides a risk-based approcach to determining trust within the network. Identity Scoring Calculates risk based on user behavior, permissions, and requests. User Monitoring Monitors users attempting unauthorized access to databases, applicaitons, and othe network components. Show More ##### ## Access Control (4) Role Management Establish roles that create a set of authentication rights for each user in the role Access Termination Terminate access to multiple applications based on dates Remote Access Controls access to legacy applications, web based applications, networks resources while employees are outside the local area network. Partner Access Controls access to users that are not company employees that are either within the companies local area network or outside the network Show More ##### ## Functionality (19) SSO Provides a single access point for users to access multiple cloud products without multiple logins. Multi-Factor Authentication Provides support for Multi-Factor authentication, so users are required to provide multiple factors to authenticate. For example, something they know, Something they have or something they are. Supports Required Authentication systems Supports required 3rd party Authentication Technologies. Example systems: bioMetric, passwords, key cards, token based systems, etc. Self-registration and self-service Enables a seamless customer experience with self-registration and self-service functions, including account creation and preference management. Authentication Verifies user identity with authentication, which may include multiple multi-factor authentication methods. Scalability Scales to support growing a customer base. Consent and preference management Captures and manages a customer's consent and preferences to comply with data privacy laws such as GDPR and CCPA. Social login Offers users the option to sign in with social media accounts. Customer data linking Integrates with directories or other data stores that house customer data to create a complete view of a customer. FIDO2-compliant Offers FIDO2-enabled authentication method Works with hardware security keys Works with hardware security keys Multiple authentication methods Offer users multiple ways to authenticate including, but not limited to: mobile push on trusted devices, FIDO-enabled devices, physical security keys, keycards, smart watches, biometrics, QR codes, desktop app + pin, and others. Offline or no-phone solution Offers solutions when users are offline or do not have access to a mobile phone. User provisioning Simplifies or automates user provisioning, deprovisioning, and other user role changes. Password manager Offers password management tools to end users. Single Sign-on Offers single sign-on functionalities to end users, allowing them to authenticate once and be given access to all of their company accounts. Enforces policies Enforces user-access policies based on individual, role type, group membership or other factors to prevent unauthorized access to company systems and data. Authentication Authenticates users prior to granting access to company systems. Multi-factor authentication Offers multi-factor authentication methods to verify a user's identity. Show More ##### ## Integration (4) Uses Open Standards Connections use open standards such as SAML or RADIS. Mobile SDK Offers developers a mobile software development kit to seamlessly add biometric authentication into their applications. Workforce Authentication Integrates with identity and access management (IAM) solutions to manage workforce authentication. Customer Authentication Integrates with customer identity and access management (ICAM) solutions to manage customer authentication. Show More ##### ## Analysis (4) Continuous Analysis Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering. Behavioral Analysis Constantly monitors acivity related to user behavior and compares activity to benchmarked patterns and fraud indicators. Data Context Provide insights into why trends are occurring and what issues could be related. Activity Logging Monitors, records, and logs both real-time and post-event activity. Show More ##### ## Detection (3) Anomaly Detection Constantly monitors activity related to user behavior and compares activity to benchmarked patterns. Incident Alerts Gives alerts when incidents arise. Some responses may be automated, but users will still be informed. Activity Monitoring Monitors the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point. Show More ##### ## Type (1) Cloud-solution Provides an IAM solution for cloud-based systems. Show More ##### ## Reporting (4) Tracking Tracks user activities across protected systems. Reporting Provides reporting functionality. Access & Permission Change Reporting Log and report all modifications to user roles and access rights. Compliance & Audit Trail Export Provide standardized reports for regulatory compliance and audits. Show More ##### ## Implementation (3) Easy Setup Offers an easy to understand user interface to make setup smooth. Mobile SDK Offers a mobile software development kit (SDK) for iOS, Blackberry, and Android. Web SDK Offers a software development kit (SDK) for web-based applications. Show More ##### ## Monitoring (5) Investigate Investigate identity threats with contextual user information. Monitoring Monitor & detect malicous identity and privileges activity Misconfigurations Identify identity-related misconfigurations. Integrate Offers integrations to identity store providers. Visability Provide full coverage of identity estate with granular detail. Show More ##### ## Remediation (2) Remediation Remove unauthorized accounts and excessive privileges Audit Provides full audit trail with notifications, ticketing, and compliance information. Show More ##### ## Generative AI (2) AI Text Summarization Condenses long documents or text into a brief summary. AI Text Generation Allows users to generate text based on a text prompt. Show More ##### ## Agentic AI - User and Entity Behavior Analytics (UEBA) (4) Autonomous Task Execution Capability to perform complex tasks without constant human input Multi-step Planning Ability to break down and plan multi-step processes Proactive Assistance Anticipates needs and offers suggestions without prompting Decision Making Makes informed choices based on available data and objectives Show More ##### ## Agentic AI - AWS Marketplace (3) Autonomous Task Execution Capability to perform complex tasks without constant human input Multi-step Planning Ability to break down and plan multi-step processes Cross-system Integration Works across multiple software systems or databases Show More ##### ## Authentication & Authorization - Identity and Access Management (IAM) (1) Adaptive & Contextual Access Control Grant access based on user attributes, location, device posture or risk. Show More ##### ## Administration & Governance - Identity and Access Management (IAM) (2) Identity Lifecycle Management Automate onboarding, offboarding, and access reviews throughout user lifecycles. Self‑Service Account Management Enable users to reset passwords and update profiles without admin support. Show More ##### ## Generative AI - Identity and Access Management (IAM) (3) AI‑Driven Access Anomaly Detection Identify unusual access patterns using machine learning models. Automated Policy Tuning Dynamically adjust access policies based on risk and AI-generated insights. Predictive Role Recommendations Suggest appropriate user roles based on usage patterns and peer behavior. Show More ##### ## AI Authentication Risk Management - Customer Identity and Access Management (CIAM) (5) Adaptive MFA Possesses AI-driven triggers to determine when to require MFA or stronger authentication rather than always requiring it. Anomaly Detection Builds profiles of known devices/environments per user and flags deviations such as new devices, new networks, and/or suspicious locations as higher risk. Fraudulent Login Detection Spot fraudulent behavior, such as account takeover attempts, credential stuffing, bots, and brute force attacks through the use of AI. Adaptive Authentication Policies Uses machine learning to analyze past authentication events and suggest optimizations to security policies (e.g. thresholds, triggers) or to adjust rules over time. Risk-Based Authentication Leverages AI to assign a risk score to a login attempt based on context, device, IP, historical patterns to dynamically decide whether to prompt for MFA, additional challenges, or allow seamless login. Show More ##### ## AI Biometric & Behavioral Analysis - Customer Identity and Access Management (CIAM) (2) Behavioral Biometric Analysis Monitors behavioral signals including typing patterns, mouse movement, and/or touch/swipe dynamics to verify user identity either at login or continuously after login. Liveness Detection Uses computer vision, facial recognition, or other biometrics during onboarding or at risk events, with AI-based liveness checks to prevent spoofing or replay attacks. Show More ##### ## AI Context-Aware Security Controls - Customer Identity and Access Management (CIAM) (2) Account Recovery Assistants Generates dynamic prompts to guide users through account recovery workflows. Constraint Enforcement Implements artificial intelligence to filter, rewrite, or block prompts that attempt to access unauthorized data, escalate privileges improperly, exploit system weaknesses, or otherwise re-provision customer access permissions. Show More [ ![Hire2Retire](https://images.g2crowd.com/uploads/product/hd_favicon/d7062c650335c60b8e2a52883132e4d6/hire2retire.svg "Hire2Retire") Sponsored Hire2Retire 4.7/5 (74) Visit Website ](javascript:void(0)) ## Top-Rated Alternatives [ ![Okta](https://images.g2crowd.com/uploads/product/hd_favicon/fc3b8f792177eb1565971fd0bb450896/okta.svg "Okta") Okta 4.5/5 (1,215) ](https://www.g2.com/products/okta/reviews) [ ![Cisco Duo](https://images.g2crowd.com/uploads/product/hd_favicon/0c4cbb48b5fd0e4e0c50c0a558e4898e/cisco-duo.svg "Cisco Duo") Cisco Duo 4.5/5 (500) ](https://www.g2.com/products/cisco-duo/reviews) [ ![OneLogin](https://images.g2crowd.com/uploads/product/hd_favicon/1487565710/onelogin.svg "OneLogin") OneLogin 4.4/5 (272) ](https://www.g2.com/products/onelogin/reviews) [ View All Alternatives ](https://www.g2.com/products/cyberark-workforce-identity/competitors/alternatives) CyberArk Workforce Identity Comparisons ![Product Avatar Image](https://images.g2crowd.com/uploads/product/image/small_square/small_square_6d0241f849d000763024744ff5901159/okta.png "Product Avatar Image") Okta 4.5/5 (1,242) [ Compare Now ](https://www.g2.com/compare/cyberark-workforce-identity-vs-okta) ![Product Avatar Image](https://images.g2crowd.com/uploads/product/image/small_square/small_square_ebfae2a9075850f9fa094c23484ef258/microsoft-entra-id.jpg "Product Avatar Image") Microsoft Entra ID 4.5/5 (911) [ Compare Now ](https://www.g2.com/compare/cyberark-workforce-identity-vs-microsoft-entra-id) ![Product Avatar Image](https://images.g2crowd.com/uploads/product/image/small_square/small_square_a7ca3d4fd0e3b8577bfb724d3ee78293/onelogin.png "Product Avatar Image") OneLogin 4.4/5 (290) [ Compare Now ](https://www.g2.com/compare/cyberark-workforce-identity-vs-onelogin) ##### Categories on G2 [ AWS Marketplace ](https://www.g2.com/categories/aws-marketplace)[ Identity and Access Management (IAM) ](https://www.g2.com/categories/identity-and-access-management-iam)[ Single Sign-On (SSO) ](https://www.g2.com/categories/single-sign-on-sso) [ User Provisioning and Governance Tools ](https://www.g2.com/categories/user-provisioning-and-governance-tools)[ Multi-Factor Authentication (MFA) ](https://www.g2.com/categories/multi-factor-authentication-mfa)[ Passwordless Authentication ](https://www.g2.com/categories/passwordless-authentication)[ Biometric Authentication ](https://www.g2.com/categories/biometric-authentication)[ Cloud Directory Services ](https://www.g2.com/categories/cloud-directory-services)[ Customer Identity and Access Management (CIAM) ](https://www.g2.com/categories/customer-identity-and-access-management-ciam)[ Zero Trust Networking ](https://www.g2.com/categories/zero-trust-networking)[ Risk-Based Authentication (RBA) ](https://www.g2.com/categories/risk-based-authentication-rba)[ Identity Threat Detection and Response (ITDR) ](https://www.g2.com/categories/identity-threat-detection-and-response-itdr)[ User and Entity Behavior Analytics (UEBA) ](https://www.g2.com/categories/user-and-entity-behavior-analytics-ueba) Show More ##### Explore More [ SaaS data backup services comparison for businesses ](https://www.g2.com/discussions/best-saas-data-backup-services-comparison-for-businesses)[ What is the best user-friendly password manager software for desktop? ](https://www.g2.com/discussions/what-is-the-best-user-friendly-password-manager-software-for-desktop)[ What are the top demand planning platforms for seasonal product businesses? ](https://www.g2.com/discussions/what-are-the-top-demand-planning-platforms-for-seasonal-product-businesses) [ Best cloud-based signage software for business ](https://www.g2.com/discussions/what-is-the-best-cloud-based-signage-software-for-business)[ Best API development software for enterprise integrations ](https://www.g2.com/discussions/best-api-development-software-for-enterprise-integrations)[ Pros and Cons Details ](https://www.g2.com/products/cyberark-workforce-identity/reviews?qs=pros-and-cons) Show More [ SaaS data backup services comparison for businesses ](https://www.g2.com/discussions/best-saas-data-backup-services-comparison-for-businesses)[ What is the best user-friendly password manager software for desktop? ](https://www.g2.com/discussions/what-is-the-best-user-friendly-password-manager-software-for-desktop)[ What are the top demand planning platforms for seasonal product businesses? ](https://www.g2.com/discussions/what-are-the-top-demand-planning-platforms-for-seasonal-product-businesses) [ Best cloud-based signage software for business ](https://www.g2.com/discussions/what-is-the-best-cloud-based-signage-software-for-business)[ Best API development software for enterprise integrations ](https://www.g2.com/discussions/best-api-development-software-for-enterprise-integrations)[ Pros and Cons Details ](https://www.g2.com/products/cyberark-workforce-identity/reviews?qs=pros-and-cons)